Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Burp Suiteの便利な機能でバグバウンティ / Burp Suite's useful ...

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for no1zy no1zy
March 11, 2019
1.7k
5

Burp Suiteの便利な機能でバグバウンティ / Burp Suite's useful function

Burp Suite Japan LT Carnivalでの発表資料

Avatar for no1zy

no1zy

March 11, 2019

More Decks by no1zy

See All by no1zy
バグバウンティ入門してみた /Getting started with Bug Bounty
Avatar for no1zy no1zy
14
4.8k

Featured

See All Featured
Chasing Engaging Ingredients in Design
Avatar for Sebastian Deterding codingconduct
0
160
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
Avatar for Aleyda Solis aleyda
1
2k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
Avatar for Irina Nazarova irinanazarova
9
1.2k
SEO Brein meetup: CTRL+C is not how to scale international SEO
Avatar for Linda Hogenes lindahogenes
1
2.5k
Crafting Experiences
Avatar for Bethany Jepchumba bethany
1
100
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
360
30k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
187
22k
Exploring the relationship between traditional SERPs and Gen AI search
Avatar for Ray Grieselhuber raygrieselhuber
PRO
2
3.8k
Navigating the moral maze — ethical principles for Al-driven product design
Avatar for Skipper Chong Warson skipperchong
2
320
SERP Conf. Vienna - Web Accessibility: Optimizing for Inclusivity and SEO
Avatar for Sara Fernández Carmona sarafernandez
2
1.4k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
13k
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
333
25k

Transcript

  1. Burp SuiteͷศརͳػೳͰ όάό΢ϯςΟ No1zy

  2. ࣗݾ঺հ • twitter: @no1zy_sec • ৘ใܥઐ໳ֶੜ • ৽ถόάϋϯλʔ • ڈ೥ͷ֫ಘใ঑ۚ૯ֹ

    612ສԁ

  3. όάϋϯλʔ͸Burp Suite͕େ޷͖ The 2019 Hacker Report

  4. Կ͕ศརʁ • Web Penetrationʹඞཁͳػೳ͕ॆ࣮͍ͯ͠Δ • Pro൛Ͱར༻Ͱ͖Δػೳ͕ڧྗ

  5. ঺հ͢Δศརػೳ 1. Burp Collaborator client 2. Find Script 3. Analyze

    target શͯPro൛ͷΈͰར༻Ͱ͖Δ

  6. 1. Burp Collaborator client

  7. Burp Collaborator client • ֎෦ͷ଴ͪड͚αʔόʔͱͯ͠ͷ໾ׂΛ࣋ͭ ػೳ • Out-of-boundͳ௨৴͕ൃੜ͢Δ߈ܸΛൃݟ͢ Δͱ͖ʹ༗ޮ •

    DNS, HTTP/HTTPS, STMP/SMTPSʹରԠ

  8. ࢖͍ํ 1. Burp > Burp Collaborator clientΛΫϦοΫ

  9. ࢖͍ํ 2. Copy to clipboardΛΫϦοΫ

  10. ࢖͍ํ $ curl http://fn6i69eh10k070ymmdjzeicppgv6jv.burpcollaborator.net ઀ଓςετ

  11. ࢖͍ํ • ϦΫΤετΛ֬ೝ͢Δ

  12. SSRFͷςετྫ GitLabͷϦϙδτϦΠϯϙʔτػೳ

  13. SSRFͷςετྫ ίϯςϯπΛऔಘ͢ΔΑ͏ͳϦΫΤετ͕ ൃੜ͢Δػೳ͸ɺSSRF͕Մೳͳ৔߹͕͋Δ

  14. http://127.0.0.1:22 SSRF Payload

  15. SSRFͷςετྫ Ϩεϙϯε

  16. http://127.0.0.1:4444 SSRF Payload

  17. SSRFͷςετྫ Ϩεϙϯε

  18. ΤϥʔϝοηʔδͷࠩҟΛ ར༻ͯ͠ϙʔτεΩϟϯ͕Մೳ

  19. None

  20. 2. Find Script

  21. Find Script • JavaScriptϑΝΠϧΛऩू͢Δ໨తͰ࢖༻͢Δ • APIΤϯυϙΠϯτͷൃݟɺAPIΩʔͳͲͷػ ີ৘ใɺ੬ऑੑʹͳΓಘΔίʔυͷൃݟͳͲ ʹ໾ཱͯΔ͜ͱ͕Ͱ͖Δ

  22. ࢖͍ํ 1. Engagement tools > Find scriptsΛΫϦοΫ ͏s

  23. ࢖͍ํ • JavaScriptϑΝΠϧ͕Ϧετ͞ΕΔ

  24. ࢖͍ํ • Export scriptsͰϑΝΠϧʹநग़΋Ͱ͖Δ

  25. APIΤϯυϙΠϯτͷಛఆ 1. JavaScriptίʔυ͕ଘࡏ͢ΔURLΛऩू 2. JSParserͳͲͷπʔϧΛ༻͍ͯAPIΤϯυϙ ΠϯτΛಛఆ͢Δ

  26. JSParser

  27. 1. JavaScriptίʔυ͕ଘࡏ͢ΔURLΛऩू 1. Find ScriptͰURLΛϦετ͢Δ 2. Copy selected URLsΛΫϦοΫ

  28. HistoryͷϑΟϧλϦϯάػೳͰ΋୅༻Մೳ 1. Proxy > History > ϑΟϧλʔઃఆΛ։͘ 2. Show only

    ʹνΣοΫ͠ js ͱೖྗ

  29. HistoryͷϑΟϧλϦϯάػೳͰ΋୅༻Մೳ 3. ΞΠςϜΛશબ୒͢Δ

  30. HistoryͷϑΟϧλϦϯάػೳͰ΋୅༻Մೳ 4. Copy URLsΛΫϦοΫ

  31. 2. APIΤϯυϙΠϯτΛಛఆ͢Δ 1. ίϐʔͨ͠URLΛషΓ෇͚ 2. JSParseΛΫϦοΫ

  32. ৽ͨͳϦιʔεΛಛఆ͢Δ͜ͱͰ੬ऑੑΛൃݟ Ͱ͖Δ֬཰Λ্͛Δ 2. APIΤϯυϙΠϯτΛಛఆ͢Δ

  33. 3. Analyze target

  34. Analyze target • Ͳͷύϥϝʔλ͕Կճ࢖༻͞Ε͍ͯΔ͔೺Ѳ Ͱ͖Δ • ੬ऑੑͷԣల։΍ύϥϝʔλϕʔεͰ੬ऑੑ Λ୳͍ͨ࣌͠ʹ༗ޮͳ৔߹͕͋Δ

  35. ࢖͍ํ 1. Engagement tools > Analyze target ΛΫϦοΫ

  36. ࢖͍ํ ղੳ݁ՌΛ֬ೝ͢Δ

  37. Happy Hunting!